Data quality underpins success in stress tests
When it comes to stress testing, spreadsheets have emerged as a potential source for proliferating bad data, prompting banks to search for other often more automated solutions. By Henry Umney, Vice President of Sales at governance specialist ClusterSeven
A recent paper published by the Adam Smith Institute (ASI) declared that the Bank of England (BoE) stress testing programme is plagued by ‘fatal flaws’, with poor data among the issues it flagged up.
Most stress test exercises on financial institutions are conducted wholly or partially via spreadsheet-based models. The ASI report categorically identifies the problem of poor data that is fed into these tools, causing errors in calculations.
What is worrying is that this finding is not news to the BoE, which acknowledged the issue of data quality in its 2014 stress test report. Despite this, data and in particular spreadsheet risk management, continues to go un-monitored, with no tangible drive for risk management of end user computing (EUC), that is spreadsheets, databases and financial modelling tools. Banks spend millions of pounds on IT, but appear to completely ignore management of their spreadsheet landscape, which underlies their regulatory compliance and model governance initiatives.
However, financial institutions will now be compelled to change. Unlike previously when regulators focused their attention on ensuring the governance around the models, now they are demanding that banks demonstrate transparency around the ecosystem of tools that feed these models.
Undoubtedly, EUC application management is challenging and complex. Banks are typically reliant on hundreds of spreadsheets to support their models, and just a single data error in one file can proliferate across the entire EUC landscape, feed inaccurate data into a model and produce inaccurate outputs.
EUC’s pose risks to financial institutions for a number of reasons, the foremost being their size. Spreadsheets contain vast amounts of data, stored in multiple sheets, making discrepancies difficult to identify. This problem is compounded by the linkage of these applications via formulae, creating an environment in which discrepancies are not in plain sight, often occurring in data not intended to be viewed after initial input. Also, spreadsheets are frequently shared and transferred between users, resulting in multiple documents, only one of which is up to date. If they are not stored and labelled correctly, subsequent users are unable to identify which spreadsheet contains the raw data and which is the most up to date, potentially causing discrepancies from the use of old or incorrect data.
EUC applications are often developed by individuals without formal software training. Most organisations do not implement standardised and structured developmental methodologies to reduce and contain risks. There is a cultural issue, too. IT departments see acknowledging the need for EUC management as perpetuating the use of uncontrolled and inadequate technology: they prefer the use of enterprise business applications, so gaining their attention for proper use of spreadsheets is often a challenge.
Fundamental to EUC management and data quality is transparency. Banks need transparency around how data is created and where the transformations in the data and models are occurring to establish processes and controls to ensure it is of good quality. Many banks do this manually, which is wasted effort. They undergo a number of fire drills to identify poor data and double-check its accuracy.
On the other hand, technology can facilitate the adoption of best practice processes to ensure data quality by embedding governance into the business operation, supporting everything from creation of new EUC applications through to eventual decommissioning of these files.
Solutions exist that enable banks to understand and control the entire data ecosystem that surrounds the stress testing model, for example, what type of EUC the data coming from (spreadsheets, access databases and other similar EUC applications); is it one spreadsheet or multiple spreadsheets that feed data into the model; what are the data linkages between the various data feeds; and so on. Such visibility is based on an exhaustive process of discovery of scanning file shares and repositories, as well as analysing the overall EUC estate structure, properties and content. Banks are able to rank the discovered files by the level of risk (or materiality) they pose based on the risk appetite of the organisation. At the end of this process, banks have complete visibility of the inventory of files on which they rely and have a holistic view of the complex web of data flows, on an ongoing basis.
Such solutions enable financial institutions to set up data change management processes and control mechanisms, supported by an audit trail to ensure that the integrity of the data is always maintained. The automation offered by technology solutions facilitates re-attestation of the models, and tools that feed them, with real-time reporting and monitoring functionality. This enables banks to periodically re-evaluate the models and tools to ensure that they are indeed working as desired by the organisation.
This technology-led approach to data quality management eliminates the need for manual checking as well as credibly demonstrating the validity of stress testing models and the accuracy of the corresponding outputs to satisfy regulators. EUC management solutions demonstrate data lineage, allowing business process owners to plan data improvements. Crucially, such systems allow users to employ human judgement to alter data sets, which is important to improve the alignment between theoretical calculations and the real world. While organisations are engrossed in meeting regulatory demands, the big benefit of good data is its strategic use for meeting business goals.
Originally published on Global Risk Regulator.